Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornl6720 <nl6720@gmail.com>2022-11-26 21:35:38 +0200
committernl6720 <nl6720@gmail.com>2022-12-06 12:55:13 +0200
commitd31f38843ac0cb803561b0dbe976a3189ac0191c (patch)
tree395cc027f7992f6b0eb69b1d53e923c69a3e6c96
parent4ee6fdc1eab278485e13590c47c33db27de4efe5 (diff)
mkarchiso: do not try to use an non existent GPG public key file
The `bootstrap` build mode never calls `_export_gpg_publickey`, so even if the GPG key is passed with the `-g` option and thus the `gpg_key` variable is set, the `${work_dir}/pubkey.gpg` file will not exist. This has not caused any issue so far because the `ARCHISO_GNUPG_FD` file descriptor opens the file for both reading and writing, which means the file gets created if it does not exist. Assign the exported public key file name to a `gpg_publickey` variable in `_export_gpg_publickey` and check for it when the file is used. Since the exist status of the gpg command cannot be checked, look for the exported public key file instead.
Diffstat
-rw-r--r--CHANGELOG.rst2
-rwxr-xr-xarchiso/mkarchiso12
2 files changed, 9 insertions, 5 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5115cb1..982c722 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -12,6 +12,8 @@ Added
Changed
-------
+- Check if the GPG public key file was successfully placed in the work directory before trying to use it.
+
Removed
-------
diff --git a/archiso/mkarchiso b/archiso/mkarchiso
index 30c1e06..9000044 100755
--- a/archiso/mkarchiso
+++ b/archiso/mkarchiso
@@ -335,8 +335,8 @@ _make_custom_airootfs() {
_make_packages() {
_msg_info "Installing packages to '${pacstrap_dir}/'..."
- if [[ -n "${gpg_key}" ]]; then
- exec {ARCHISO_GNUPG_FD}<>"${work_dir}/pubkey.gpg"
+ if [[ -v gpg_publickey ]]; then
+ exec {ARCHISO_GNUPG_FD}<>"$gpg_publickey"
export ARCHISO_GNUPG_FD
fi
if [[ -v cert_list[0] ]]; then
@@ -364,7 +364,7 @@ _make_packages() {
exec {ARCHISO_TLSCA_FD}<&-
unset ARCHISO_TLSCA_FD
fi
- if [[ -n "${gpg_key}" ]]; then
+ if [[ -v gpg_publickey ]]; then
exec {ARCHISO_GNUPG_FD}<&-
unset ARCHISO_GNUPG_FD
fi
@@ -1614,8 +1614,10 @@ _set_overrides() {
}
_export_gpg_publickey() {
- rm -f -- "${work_dir}/pubkey.gpg"
- gpg --batch --no-armor --output "${work_dir}/pubkey.gpg" --export "${gpg_key}"
+ gpg_publickey="${work_dir}/pubkey.gpg"
+ rm -f -- "$gpg_publickey"
+ gpg --batch --no-armor --output "$gpg_publickey" --export "${gpg_key}"
+ [[ -s "$gpg_publickey" ]] || return
}
_make_version() {

Copyright © 2002-2022 Judd Vinet and Aaron Griffin. Copyright © 2022 Erich Eckner.
The Arch Linux name and logo are recognized trademarks. Some rights reserved. The registered trademark Linux® is used pursuant to a sublicense from LMI, the exclusive licensee of Linus Torvalds, owner of the mark on a world-wide basis.